Multiple vulnerabilities in Siemens SCALANCE M-800/S615 Family

1) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU83416

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-44318

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the usage a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. A remote administrator can obtain a configuration backup to extract configuration information from the exported file.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE S615 EEC: All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-3 (EVDO): All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

SCALANCE M876-4: All versions

SCALANCE M874-3: All versions

SCALANCE M874-2: All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M804PB: All versions

SCALANCE S615: All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-180704.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Direct Request ('Forced Browsing')

EUVDB-ID: #VU83418

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-44320

CWE-ID: CWE-425 - Direct Request ('Forced Browsing')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper authentication when performing certain modifications in the web interface. A remote user can influence the user interface configured by an administrator.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE S615 EEC: All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-3 (EVDO): All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

SCALANCE M876-4: All versions

SCALANCE M874-3: All versions

SCALANCE M874-2: All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M804PB: All versions

SCALANCE S615: All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-180704.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU83420

Risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-44321

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote administrator can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE S615 EEC: All versions

SCALANCE MUM856-1 (RoW): All versions

SCALANCE MUM856-1 (EU): All versions

SCALANCE MUM853-1 (EU): All versions

SCALANCE M876-4 (NAM): All versions

SCALANCE M876-4 (EU): All versions

SCALANCE M876-3 (ROK): All versions

SCALANCE M876-3 (EVDO): All versions

RUGGEDCOM RM1224 LTE(4G) NAM: All versions

RUGGEDCOM RM1224 LTE(4G) EU: All versions

SCALANCE M876-4: All versions

SCALANCE M874-3: All versions

SCALANCE M874-2: All versions

SCALANCE M826-2 SHDSL-Router: All versions

SCALANCE M816-1 ADSL-Router (Annex B): All versions

SCALANCE M816-1 ADSL-Router (Annex A): All versions

SCALANCE M812-1 ADSL-Router (Annex B): All versions

SCALANCE M812-1 ADSL-Router (Annex A): All versions

SCALANCE M804PB: All versions

SCALANCE S615: All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-180704.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.